{master_key_type=aes256-cts-hmac-sha1-96}
{dummy=[verbose -log "AES + DES enctypes"]}
}
- {
- aes-tcp
- mode=tcp
- des3_krbtgt=0
- {supported_enctypes=aes256-cts-hmac-sha1-96:normal}
- {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal}
- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
- {master_key_type=aes256-cts-hmac-sha1-96}
- {dummy=[verbose -log "AES via TCP"]}
- }
{
aes-des3
mode=udp
}
{dummy=[verbose -log "DES3 TGT, default enctypes"]}
}
+ {
+ aes-tcp
+ mode=tcp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-cts-hmac-sha1-96:normal}
+ {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal}
+ {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
+ {permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
+ {permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
+ {master_key_type=aes256-cts-hmac-sha1-96}
+ {dummy=[verbose -log "AES via TCP"]}
+ }
}
# {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal }
# {kdc_supported_enctypes= des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal}
stop_kerberos_daemons;
} [exit -onexit]]
+# run_once
+
+# Many tests are independent of the actual enctypes used, which is
+# what our passes are (currently) all about. Use this to prevent
+# multiple invocations. If a test depends on, say, the master key
+# type but nothing else, you could also use the master key type in the
+# tag name, and avoid redundant tests in additional passes using the
+# same master key type.
+
+proc run_once { tag body } {
+ global run_once_tags
+ if ![info exists run_once_tags($tag)] {
+ set run_once_tags($tag) 1
+ uplevel 1 $body
+ }
+}
+
# check_k5login
# Most of the tests won't work if the user has a .k5login file, unless
# Password-changing Kerberos test.
# This is a DejaGnu test script.
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
# We are about to start up a couple of daemon processes. We do all
# the rest of the tests inside a proc, so that we can easily kill the
# processes when the procedure ends.
}
}
-set status [catch doit msg]
+run_once iprop {
+ # Set up the Kerberos files and environment.
+ if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ return
+ }
-stop_kerberos_daemons
+ set status [catch doit msg]
-set ulog 0
-reset_kerberos_files
-file delete $tmppwd/adb $tmppwd/adb.ok $tmppwd/db.ulog
+ stop_kerberos_daemons
-if { $status != 0 } {
- send_error "ERROR: error in iprop.exp\n"
- send_error "$msg\n"
- exit 1
+ set ulog 0
+ reset_kerberos_files
+ file delete $tmppwd/adb $tmppwd/adb.ok $tmppwd/db.ulog
+
+ if { $status != 0 } {
+ send_error "ERROR: error in iprop.exp\n"
+ send_error "$msg\n"
+ exit 1
+ }
}
pass "kadmin.local correct high kvno"
}
}
-
- if { $mode == "tcp" } {
- set response {}
- set got_response 0
- set kdcsock ""
- catch {
- send_log "connecting to $hostname [expr 3 + $portbase]\n"
- set kdcsock [socket $hostname [expr 3 + $portbase]]
- fconfigure $kdcsock -encoding binary -blocking 0 -buffering none
- puts -nonewline $kdcsock [binary format H* ffffffff]
- # XXX
- sleep 3
- set response [read $kdcsock]
- set got_response 1
- } msg
- if [string length $kdcsock] { catch "close $kdcsock" }
- if $got_response {
-# send_log [list sent length -1, got back $response]
-# send_log "\n"
- if [string length $response]>10 {
- pass "too-long TCP request"
- } else {
- send_log "response too short\n"
- fail "too-long TCP request"
- }
- } else {
- send_log "too-long connect/exchange failure: $msg\n"
- fail "too-long TCP request"
- }
- }
}
set status [catch doit msg]
--- /dev/null
+# Standalone Kerberos test.
+# This is a DejaGnu test script.
+# This script tests that the Kerberos tools can talk to each other.
+
+# This mostly just calls procedures in testsuite/config/default.exp.
+
+# We are about to start up a couple of daemon processes. We do all
+# the rest of the tests inside a proc, so that we can easily kill the
+# processes when the procedure ends.
+
+proc doit { } {
+ global REALMNAME
+ global KLIST
+ global KDESTROY
+ global KEY
+ global KADMIN_LOCAL
+ global KTUTIL
+ global hostname
+ global tmppwd
+ global spawn_id
+ global supported_enctypes
+ global KRBIV
+ global portbase
+ global mode
+
+ # Start up the kerberos and kadmind daemons.
+ if ![start_kerberos_daemons 1] {
+ return
+ }
+
+ # Use kadmin to add an host key.
+ if ![add_random_key host/$hostname 1] {
+ return
+ }
+
+ # Use ksrvutil to create a srvtab entry.
+# if ![setup_srvtab 1] {
+# return
+# }
+
+ # Use kinit to get a ticket.
+ if ![kinit krbtest/admin adminpass$KEY 1] {
+ return
+ }
+
+ # Make sure that klist can see the ticket.
+ if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
+ return
+ }
+
+ # Destroy the ticket.
+ spawn $KDESTROY -5
+ if ![check_exit_status "kdestroy"] {
+ return
+ }
+ pass "kdestroy"
+
+ set response {}
+ set got_response 0
+ set kdcsock ""
+ catch {
+ send_log "connecting to $hostname [expr 3 + $portbase]\n"
+ set kdcsock [socket $hostname [expr 3 + $portbase]]
+ fconfigure $kdcsock -encoding binary -blocking 0 -buffering none
+ puts -nonewline $kdcsock [binary format H* ffffffff]
+ # XXX
+ sleep 3
+ set response [read $kdcsock]
+ set got_response 1
+ } msg
+ if [string length $kdcsock] { catch "close $kdcsock" }
+ if $got_response {
+# send_log [list sent length -1, got back $response]
+# send_log "\n"
+ if [string length $response]>10 {
+ pass "too-long TCP request"
+ } else {
+ send_log "response too short\n"
+ fail "too-long TCP request"
+ }
+ } else {
+ send_log "too-long connect/exchange failure: $msg\n"
+ fail "too-long TCP request"
+ }
+}
+
+set status 0
+run_once tcp {
+ # Set up the Kerberos files and environment.
+ set mode tcp
+ reset_kerberos_files
+ if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ set mode udp
+ reset_kerberos_files
+ return
+ }
+ # Reset now, for next time we write the config files.
+ set mode udp
+
+ # Initialize the Kerberos database. The argument tells
+ # setup_kerberos_db that it is being called from here.
+ if ![setup_kerberos_db 1] {
+ reset_kerberos_files
+ return
+ }
+
+ set status [catch doit msg]
+}
+
+reset_kerberos_files
+stop_kerberos_daemons
+
+if { $status != 0 } {
+ send_error "ERROR: error in standalone.exp\n"
+ send_error "$msg\n"
+ exit 1
+}
projects / krb5.git / commitdiff